---
title: "Best Practices"
description: "General Kubernetes best practice policies. Enforce labels, probes, image tags, anti-affinity rules, and other operational standards for reliable and well-configured workloads."
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/best-practices/
---


Kyverno policies enforcing general Kubernetes operational best practices.

## What's Covered

- **Required labels** — Enforce standard labels (app, version, owner) on workloads
- **Liveness and readiness probes** — Require health probes on all containers
- **Image tag policy** — Disallow the `latest` tag, require explicit versioning
- **Anti-affinity rules** — Encourage pod anti-affinity for high-availability workloads
- **Resource naming** — Enforce naming conventions across namespaces

All best practices policies are available in the [Nirmata policy library on GitHub](https://github.com/nirmata/kyverno-policies/tree/main/best-practices-k8s).